Over the years several operating systems have been built for cybersecurity work, and Kali Linux has always stood out among them: it is the unofficial standard in the industry and the usual starting point for people getting into offensive operations such as pentesting (and, unfortunately, for those who watched Mr Robot and think they are hackers because they can run tools they do not understand; please do not be one of those). Kali Linux has always been characterized by its orientation toward offensive security, but its maintainers have now taken the leap of creating another Linux distribution aimed at users interested in defensive security: Kali Purple.
What is Kali Purple
Kali Purple is a Linux distribution designed to be used as a mini SOC. Its bundled tools focus on defensive security, with only a handful of offensive ones (no nmap or anything like it, which feels like a lack of respect). If we want a parable, Kali Purple is the DLC of Kali Linux, but free: it ships as a separate distro rather than something integrated into the main one, yet it is built on Kali Linux and adds features on top of it rather than replacing it.
Kali Purple's main appeal is that it is one of the first distros intended for defensive security operations, whether blue team exercises or simply the day-to-day work of a SOC.
What tools does Kali Purple include
Kali Purple includes several tools for both offensive and defensive security, as mentioned. The offensive ones we will skip, since listing them would be like listing the tools that Kali Linux already ships with. The tools are divided into four main categories, which are.
Among the defensive security tools it comes with, the ones worth highlighting are Elastic SIEM (log collection, search and alerting), Arkime (full packet capture and indexed search), Malcolm (a network traffic analysis suite built around Arkime, Zeek and Suricata) and Hedgehog (Malcolm's sensor, which captures traffic and forwards it to a Malcolm instance).
Kali Purple download format
If you plan to install this distribution, keep in mind that the requirements, whether you virtualize it or install it on bare metal (not recommended), are very similar and almost identical to those of Kali Linux. At the moment there are not as many download formats as Kali Linux offers: you can only download the ISO and install Kali Purple from it wherever you want.
Also, when downloading, always check the file's SHA256 hash against the one published on the official download page; at the time of writing the official hash for the ISO was f8c054fda06229b5ba26c7a367989eeeac91a4813318255eff173b7d7144bae1 (SHA256). A matching hash confirms both that the image was downloaded without corruption and that you did not get a modified image. Note that the value changes with every release, so compare against the SHA256SUMS file published alongside the ISO, and verify that file's GPG signature (SHA256SUMS.gpg), rather than trusting a hash copied from a blog post.
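As an added example (not part of the original post and not Kali's own tooling), here is a shell script that performs that check the way you would actually run it: it looks up the ISO's expected hash in the downloaded SHA256SUMS file, verifies the detached GPG signature on that file when one is supplied, and compares the hashes in a case-insensitive way. The signing-key fingerprint and the docs URL in the comments are taken from Kali's download documentation at the time of writing and are assumptions to confirm there before trusting them; the ISO filename in the usage line is a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not Kali's own tooling): verify a downloaded Kali Purple ISO
# against the SHA256SUMS file published on the official download page, after
# checking the detached GPG signature (SHA256SUMS.gpg) on that file.
set -euo pipefail

# Kali archive signing key fingerprint as published in Kali's download docs at
# the time of writing (assumption: confirm it at
# https://www.kali.org/docs/introduction/download-official-kali-linux-images/
# before trusting it).
KALI_KEY_FPR="44C6513A8E4FB3D30875F758ED444FF07D8D0BF6"

# Print the SHA-256 of FILE as lowercase hex, using whichever tool the host has.
sha256_of() {
  local file="$1"
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$file" | awk '{print $1}' | tr '[:upper:]' '[:lower:]'
  else
    shasum -a 256 "$file" | awk '{print $1}' | tr '[:upper:]' '[:lower:]'
  fi
}

# Look up the expected hash for basename NAME in a SHA256SUMS file
# ("<hash>  <filename>" per line). Prints nothing and returns 1 if NAME is absent.
expected_hash_for() {
  local sums="$1" name="$2" hash
  hash=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
  [ -n "$hash" ] && printf '%s\n' "$hash"
}

# Return 0 only if FILE hashes to EXPECTED (hex compared case-insensitively).
verify_sha256() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  actual=$(sha256_of "$file")
  [ "$actual" = "$expected" ]
}

# Verify the detached signature on SHA256SUMS; the Kali key must be in the keyring.
verify_sums_signature() {
  local sums="$1" sig="$2"
  gpg --verify "$sig" "$sums"
}

main() {
  local iso="$1" sums="$2" sig="${3:-}" expected
  if [ -n "$sig" ]; then
    # Import the key only if it is missing, then check the signature before
    # trusting anything in the hash list.
    gpg --list-keys "$KALI_KEY_FPR" >/dev/null 2>&1 \
      || gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "$KALI_KEY_FPR"
    verify_sums_signature "$sums" "$sig"
  fi
  expected=$(expected_hash_for "$sums" "$(basename "$iso")") \
    || { echo "$(basename "$iso") is not listed in $sums" >&2; return 2; }
  if verify_sha256 "$iso" "$expected"; then
    echo "OK: $iso matches $expected"
  else
    echo "MISMATCH: $iso does not match the published hash; do not install it" >&2
    return 1
  fi
}

# Usage: ./verify-iso.sh <kali-purple>.iso SHA256SUMS [SHA256SUMS.gpg]
if [ "$#" -ge 2 ]; then
  main "$@"
fi
```

Run it from the directory where the ISO, SHA256SUMS and SHA256SUMS.gpg were downloaded; skipping the third argument skips the signature check, which is only acceptable if you verified the signature some other way. A missing entry and a mismatching hash are deliberately distinct exit codes so a wrapper can tell "wrong file" from "tampered file".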
Differences between Kali Linux and Kali Purple
The most elementary difference between these two operating systems is the color. Believe it or not, the two distros really are that similar, since they are literally the same distro with different customization layers; consequently, Kali Purple is also Debian-based.
What does make a real difference is the set of tools and resources each one brings: Kali Linux focuses on tools for offensive security operations such as pentesting and red team work, while Kali Purple includes mostly defensive security tools and very few offensive ones. Rather than Kali Purple, it should be called Kali Blue.
On the other hand, this distro is not meant to be just an operating system for an individual to use as-is; it is conceived as a SOC-in-a-box architecture, that is, having the resources of a SOC in a distro that is simple to use.